posted August 01, 2001 04:13 AM
Officials continue warning computer users about 'Code Red' worm
By CHRISTOPHER NEWTON
The Associated Press
8/1/01 3:32 AM
WASHINGTON (AP) -- The viruslike "Code Red" worm hasn't reared its head again yet, but federal officials monitoring Internet traffic say they won't know for sure that the Internet clogger hasn't returned until next week.
The original Code Red worm took seven days to hit its stride, according to Alan Paller, director of research at the SANS Institute, a computer security think-tank.
"We don't know yet whether we are safe and we won't know for sure until seven days pass with no major disruptions" said Paller, who was helping the FBI monitor the Internet. "We never expected to know whether there was a problem today."
Government and private security officials made a last-ditch effort Tuesday to persuade Internet site operators to inoculate their computers against the Code Red worm.
"There has been an amazing effort to ensure that the public and private sector proofed their computers against (Code Red)," said Ronald L. Dick, the director of the FBI's National Infrastructure Protection Center.
"As of now, the Internet is operating normally."
The worm can spread quickly without human intervention on unprotected Internet computer servers and threatened to slow down Web traffic. It does not affect most home computers.
The malicious program can only be stopped if enough Web site operators install Microsoft's software patch, which plugs the security hole the worm uses to attack.
FBI officials said late Tuesday that over a million people had downloaded the patch from Microsoft. Although it was impossible to guess how many computers have actually been fixed, the FBI seemed optimistic.
"This should have a measurable impact upon the overall effect of the worm," the FBI's National Infrastructure Protection Center said in a statement.
Experts' predictions ranged from the infection of a million or more computers and a massive Internet slowdown to little effect. The government took few chances, pressing to get as many Web site operators as possible to inoculate their systems before the attack.
Code Red infected several hundred thousand computers during its first outbreak July 19. Russ Cooper, surgeon general for TruSecure Corp., said the new spread could reach half-million to a million computers within three days.
As a result, the infected computers would spew out more junk data than the Internet can handle, Cooper said, resulting in "a meltdown."
"If it does slow down as I expect it will, then you won't even be able to get to Microsoft's site to install the patch," Cooper said. "I expect that to happen."
Code Red is the most infamous computer worm since the first worm, created in 1988, which took down most of the fledgling Internet.
Other computer security experts were more measured in their predictions, saying that it would cause some troubles but that the onslaught of media coverage would prompt computer users to fix their systems.
David Perry, of antivirus program maker Trend Micro, likened the strident warnings from government officials and constant cable television news coverage to stockpiling for the Year 2000 conversion.
"I would suggest that because of Code Red, there's no reason to go out and buy mass quantities of beef jerky," Perry said.
Experts worried that newly discovered versions of the worm can be reprogrammed to launch crippling attacks on any Web site. "This thing is just way too easy to modify," Cooper said.
FBI spokeswoman Debbie Weierman said the government doesn't know if all federal computers are protected, but a Pentagon spokesman said Tuesday that they believe Defense systems are safe. Last week, the Pentagon shut down public access to Web sites to purge the worm.
Web site administrators running Microsoft Windows NT and 2000 operating systems, along with the Internet Information Services software, should download the patch from Microsoft's Web site. Users running Windows 95, 98 or Me are not vulnerable.
On the Net:
National Infrastructure Protection Center: http://www.nipc.gov
Microsoft Security Patch: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
Code Red technical data: http://www.digitalisland.net/coderedalert